Splunk search for Creations and Modifications to user roles
Copy
index="_audit" action=edit_roles operation=* | table _time user operation object*
This search will produce a table that shows all times within the search window that a user role was modified. It will provide details on the time of the modification, the user who performed it, what was attempted and the role that was attempted to be changed.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment